By default AngularJS provides a mechanism to implement Cross Site Request Forgery, however this mechanism works with cookies only. Since Spring Security works by setting a token as an HTTP parameter, the out of the box solution AngularJS provides wouldn’t work. There are several posted discussions about how to implement CSRF with Spring Security within single page applications. While reading these solutions, I discovered a simple AngularJS interceptor that did the trick.